CVE Catalog
CVE-2026-9690
HighCVSS 7.5Summary
The WP Media folder plugin in versions <= 4.0.1 has a vulnerability allowing unauthenticated arbitrary file download.
Risk Assessment
An attacker could access sensitive files on the server, potentially leading to data leaks and privacy breaches.
Recommendation
It is recommended to update the plugin to the latest version to mitigate this vulnerability.
Original NVD description (English source)
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.

